package com.Jano.interceptor;/**
 * @ClassName : PermissionInterceptor
 * @Description : 用户权限验证的拦截器
 * @Author : Jano
 * @Date: 2022-07-15 17:15
 */

import com.Jano.annotation.Permission;
import com.Jano.dto.JsonResult;
import com.Jano.model.PermissionModel;
import com.Jano.service.PermissionService;
import com.Jano.util.jwt.Constant;
import com.Jano.util.jwt.JwtTokenUtil;
import com.alibaba.fastjson.JSON;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.List;
import java.util.logging.Handler;

/**
 * 用户权限验证的拦截器
 * @author zoumaoji
 * @date 2022/07/15 17:15
 **/

@Component
public class PermissionInterceptor implements HandlerInterceptor {
    @Autowired
    PermissionService permissionService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //此处不必再进行校验是否为空 拦截器已经校验完毕
        String token = request.getHeader(Constant.ACCESS_TOKEN);
        String userName = JwtTokenUtil.getUserName(token);
        /**当前用户自己拥有的权限*/
        List<PermissionModel> hasPermissions = permissionService.findByUsername(userName);
        if (handler instanceof HandlerMethod){
            HandlerMethod hm = (HandlerMethod) handler;
            Method method = hm.getMethod();
            boolean flag = method.isAnnotationPresent(Permission.class);
            //访问的路径的方法上存在注解
            if (flag){
                /**得到此注解的值(权限)*/
                Permission annotation = method.getAnnotation(Permission.class);
                String value = annotation.value();
                /**判断用户是否具有上面所需的权限 */
                boolean exists = hasPermissions.stream().map(permission -> {
                    //功能的URL
                    String funcUrl = permission.getFuncUrl();
                    return funcUrl;
                }).anyMatch(funcUrl -> funcUrl.equals(value));
                /**如果不存在上面所需要的权限,返回权限不足*/
                if (!exists){
                    JsonResult jsonResult = new JsonResult();
                    jsonResult.setCode(HttpStatus.FORBIDDEN.value());
                    jsonResult.setErrMsg("权限不足,静止访问");
                    response.getWriter().write(JSON.toJSONString(jsonResult));
                    response.getWriter().close();
                    return false;
                }
            }
        }
        //flag为false代码访问的当前功能不需要权限,任何人都可以访问的
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}
